Computer passwords
Kaupo Nlvak
Tartu University Faculty of Social Sciences and Education 23.03.2012
Overview
What kind of password should it be? What kind do people use?
What do researchers do?
Password
Passwords are very important in computer security
They need to be memorable and secure
Most people cannot do it
Password
Hard to guess
A good password has to be easy to remember and hard to guess
Names of wives, husbands and children are popular
Out of 32m passwords, 365,000 people had opted either for 123456 or for 12345.
Cambridge University research
70M passwords from Yahoo!
Old vs young
Most and least secure language
An attacker who can manage ten guesses per account will compromise around 1% of accounts.
And that, from the hacker's point of view, is a worthwhile outcome.
Solutions
Sites should limit the number of guesses
A sample of 150 big websites examined in 2010 by Mr Bonneau and his colleague Sören Preibusch found that 126 made no attempt to limit guessing
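
One way a site could limit guesses per account, as an added example that is not from the original slides. The class and function names, the limit of five failures, the one-hour window and the placeholder guesses are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class GuessLimiter:
    """Allow at most max_failures wrong passwords per account per window."""

    def __init__(self, max_failures=5, window=3600.0, clock=time.monotonic):
        self.max_failures = max_failures      # assumed limit, not from the slides
        self.window = window                  # seconds; assumed value
        self.clock = clock                    # injectable so time can be controlled
        self._failures = defaultdict(deque)   # account -> timestamps of failures

    def _recent(self, account):
        q, cutoff = self._failures[account], self.clock() - self.window
        while q and q[0] <= cutoff:           # forget failures older than the window
            q.popleft()
        return q

    def attempt(self, account, password_ok):
        """password_ok is a zero-argument callable doing the real password check.
        Returns 'ok', 'bad', or 'throttled' (the guess was never evaluated)."""
        q = self._recent(account)
        if len(q) >= self.max_failures:
            return "throttled"
        if password_ok():
            q.clear()                         # a successful login resets the counter
            return "ok"
        q.append(self.clock())
        return "bad"


def run_guesses(limiter, account, guesses, real_password):
    """Feed a list of guesses to one account and return the result of each."""
    return [limiter.attempt(account, lambda g=g: g == real_password)
            for g in guesses]


# Constructed sample: the first two guesses are the passwords named on the
# slides, the rest are placeholders standing in for other popular choices.
TEN_GUESSES = ["123456", "12345"] + [f"guess-{i:02d}" for i in range(3, 11)]

if __name__ == "__main__":
    limiter = GuessLimiter()
    # The account's real password is the ninth guess, yet it is never checked.
    print(run_guesses(limiter, "alice", TEN_GUESSES, "guess-09"))
```

Throttled attempts are rejected before the password is checked, so the account's owner is also kept out until the window passes.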
Skysail dactyl gimcrack golem
One such solution is multi-word passwords, called passphrases
A phrase of four or five randomly chosen words is fairly secure
The need for memorability is a boon to attackers
Mnemonic password
A string of apparent gibberish which is not actually too hard to remember
Varying upper and lower case, and substituting some symbols for others (8 for B, for instance)
A study published in 2006 cracked 4% of the mnemonics in a sample using a dictionary based on song lyrics, film titles and the like.
All security is irritating
The upshot is that there is probably no right answer.
There is a constant tension between people's desire to be safe and their desire for things to be simple.
While that tension persists, the hacker will always get through.
Questions?